 |
|
 |
|
01.29.09 Developer Tools To Help Create High Quality Websites  By
Mads Kristensen In the first part of the checklist, we looked at creating high quality websites from a client perspective and the tools that helps us do that. In this part we look at the (free) tools that will help us build high quality on the server side of the website. Code quality Treat compiler warnings as errors When you compile your solution in Visual Studio it will by default allow compiler warnings. Compiler warning occurs when there is a problem with the code, but nothing that will result in severe errors. Such a warning could be if you have declared a variable that is never used. These warnings should at all times be treated as errors since they allow you to produce bad code. Keyvan has written a post about how to treat compiler warnings as errors. StyleCop The StyleCop Visual Studio add-in analyses your C# code and validates it against a lot of rules. The purpose of the tool is to force you to build maintainable, well documented code using consistent syntax and naming conventions. I've found that most of the rules are for maintainability and consistency. After using StyleCop on my latest project I will never build a C# project again without it. Some of the rules might seem strange at first glance, but when you give it a closer look you'll find that it actually makes a lot of sense. FxCop This tool should be familiar to most .NET developers by now. It has existed for a long time and is now on version 1.36. FxCop doesn't analyze your C# code but the compiled MSIL code, so it can be used with any .NET language. Some of the rules are the same as in StyleCop, but it also actually helps you write more robust methods that result in fewer errors.
If you use StyleCop and do proper unit testing, then you might not need FxCop, but it's always a good idea to run it on your assemblies. Here's a guide to using FxCop in website projects. Just in case. If you own a Visual Studio Team Edition, then you already have FxCop build in. Security Anti-Cross site Scripting (XSS) Library The Anti-XSS library by Microsoft is not just a fancy way to HTML encode text strings entered by users. It uses white-listing which is much more secure than just trust any input and then HTML encode it in the response. It works with JavaScript, HTML elements and even HTML attributes. Code Analysis Tool .NET (CAT.NET) When your website relies on cookies, URL parameters or forms then it's open for attacks. That's because all three of them is very easy to forge and manipulate by hackers and robots even. By using the CAT.NET add-in for Visual Studio you can now easily analyze the places in your mark-up and code-behind that is vulnerable to those kinds of attacks. CAT.NET analyzes your code and tells you exactly what the problem is. It's easy to use, understand and it lets you build more secure websites. Comments About the Author: Mads Kristensen currently works as a Senior Developer at Traceworks located in Copenhagen, Denmark. Mads graduated from Copenhagen Technical Academy with a multimedia degree in 2003, but has been a professional developer since 2000. His main focus is on ASP.NET but is responsible for Winforms, Windows- and web services in his daily work as well. A true .NET developer with great passion for the simple solution. http://www.madskristensen.dk/ |
||||||||
|
| ||
-- DevWebProFrance is an iEntry, Inc. publication -- iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 © 2009 iEntry Inc. All Rights Reserved Privacy Policy Legal
|
